Re: [Evolution-hackers] Imminent critical SSL problem in evolution 3.10

From: James Bottomley <James Bottomley HansenPartnership com>
To: Milan Crha <mcrha redhat com>
Cc: evolution-hackers gnome org
Subject: Re: [Evolution-hackers] Imminent critical SSL problem in evolution 3.10
Date: Mon, 27 Oct 2014 10:00:04 -0700

On Mon, 2014-10-27 at 07:13 +0100, Milan Crha wrote:

On Sat, 2014-10-25 at 11:53 -0700, James Bottomley wrote:

It looks like the recently released openssl 1.0.1j breaks evolution 
by
causing it to have no overlapping cyphersuites.  I've created a bug 
for
it here:

https://bugzilla.gnome.org/show_bug.cgi?id=739179

But it needs fixing as a matter of urgency, since this is the version
most desktop distros ship and with heartbleed it won't take long for 
all
the imap clients to be upgraded to this version.


        Hi,
I closed the bug, the fix is referenced from:
https://mail.gnome.org/archives/evolution-list/2014-October/msg00113.html

As I wrote in the bug, you should ask the evolution-data-server 
maintainers in your distribution to include the fix.


OK, I reopened it as incomplete.  You can't close it as FIXED when it
isn't upstream in the gnome tree because that's going to cause massive
confusion: a package maintainer reading the bugzilla list is going to
think they're getting the fix from the 3.10 branch when, in fact,
they're not.  If there's some reason not to incorporate the distro patch
into the 3.10 fixes branch, then close it as WONTFIX with reference to
the distro patch.

James

Follow-Ups:
- Re: [Evolution-hackers] Imminent critical SSL problem in evolution 3.10
  - From: Milan Crha

References:
- [Evolution-hackers] Imminent critical SSL problem in evolution 3.10
  - From: James Bottomley
- Re: [Evolution-hackers] Imminent critical SSL problem in evolution 3.10
  - From: Milan Crha

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]